Latest Posts

Exfiltrating remote localStorage data with XSS - Insomnihack teaser 2017 "The Great escape part 2" web 200 writeup
Exfiltrating data from remote browser localStorage using XSS (Insomnihack teaser 2017 web 200 writeup)
Exploiting internal Tomcat server with SSRF - Insomnihack teaser 2017 Web 50 writeup
Exploiting an internal Tomcat server (with default credentials) using SSRF (Insomnihack teaser 2017 Web 50 writeup)
eLearnSecurity Practical Web Defense (eWDP) course review
Practical Web Defense is a unique course that focuses on both attacking and *defending* web applications, unlike traditional courses, which focus only on attacking applications.
Bypassing path restriction on whitelisted CDNs to circumvent CSP protections - SECT CTF Web 400 writeup
How to bypass CSP using whitelisted CDNs and path traversal (SECT CTF 2016 web 400 writeup)
Abusing file inclusions using Windows 8.3 filename legacy shortcodes - MMACTF Rotten Uploader web 150 writeup
Using the legacy Windows 8.3 filename short code, we bypass the filter to download files. (MMACTF 2016 web 150 writeup)